[1174] | 1 | /* |
---|
| 2 | * $HeadURL$ |
---|
| 3 | * $Revision$ |
---|
| 4 | * $Date$ |
---|
| 5 | * |
---|
| 6 | * ==================================================================== |
---|
| 7 | * |
---|
| 8 | * Licensed to the Apache Software Foundation (ASF) under one or more |
---|
| 9 | * contributor license agreements. See the NOTICE file distributed with |
---|
| 10 | * this work for additional information regarding copyright ownership. |
---|
| 11 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
---|
| 12 | * (the "License"); you may not use this file except in compliance with |
---|
| 13 | * the License. You may obtain a copy of the License at |
---|
| 14 | * |
---|
| 15 | * http://www.apache.org/licenses/LICENSE-2.0 |
---|
| 16 | * |
---|
| 17 | * Unless required by applicable law or agreed to in writing, software |
---|
| 18 | * distributed under the License is distributed on an "AS IS" BASIS, |
---|
| 19 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
---|
| 20 | * See the License for the specific language governing permissions and |
---|
| 21 | * limitations under the License. |
---|
| 22 | * ==================================================================== |
---|
| 23 | * |
---|
| 24 | * This software consists of voluntary contributions made by many |
---|
| 25 | * individuals on behalf of the Apache Software Foundation. For more |
---|
| 26 | * information on the Apache Software Foundation, please see |
---|
| 27 | * <http://www.apache.org/>. |
---|
| 28 | * |
---|
| 29 | */ |
---|
| 30 | |
---|
| 31 | package br.gov.serpro.cert; |
---|
| 32 | |
---|
| 33 | import java.security.cert.X509Certificate; |
---|
| 34 | |
---|
| 35 | import javax.net.ssl.X509TrustManager; |
---|
| 36 | import javax.swing.JOptionPane; |
---|
| 37 | |
---|
| 38 | import java.security.cert.CertificateException; |
---|
| 39 | import org.apache.commons.logging.Log; |
---|
| 40 | import org.apache.commons.logging.LogFactory; |
---|
| 41 | |
---|
| 42 | /** |
---|
| 43 | * <p> |
---|
| 44 | * AuthSSLX509TrustManager wraps a default {@link X509TrustManager} and, when that delegate rejects |
---|
| 45 | * a server certificate chain, shows the user a Swing dialog asking whether to accept it anyway. Accepting bypasses chain validation for that connection, so this is only appropriate for interactive desktop clients. |
---|
| 46 | * </p> |
---|
| 47 | * |
---|
| 48 | * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a> |
---|
| 49 | * |
---|
| 50 | * <p> |
---|
| 51 | * DISCLAIMER: HttpClient developers DO NOT actively support this component. |
---|
| 52 | * The component is provided as a reference material, which may be inappropriate |
---|
| 53 | * for use without additional customization. |
---|
| 54 | * </p> |
---|
| 55 | */ |
---|
| 56 | |
---|
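public class AuthSSLX509TrustManager implements X509TrustManager {

    /** Delegate that performs the real chain validation; the constructor guarantees it is non-null. */
    private final X509TrustManager defaultTrustManager;

    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);

    /** Index of the "accept" button in the option array passed to {@link JOptionPane#showOptionDialog}. */
    private static final int ACCEPT_OPTION = 0;

    /**
     * Constructor for AuthSSLX509TrustManager.
     *
     * @param defaultTrustManager the trust manager whose verdict is consulted first
     * @throws IllegalArgumentException if {@code defaultTrustManager} is null
     */
    public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
        if (defaultTrustManager == null) {
            throw new IllegalArgumentException("Trust manager may not be null");
        }
        this.defaultTrustManager = defaultTrustManager;
    }

    /**
     * Logs subject, signature algorithm, validity window and issuer of each certificate in the
     * chain at INFO level. Does nothing when INFO is disabled or the chain is null.
     *
     * @param label        "Client" or "Server", used in the first log line of each certificate
     * @param certificates the chain to describe; may be null
     */
    private static void logChain(final String label, final X509Certificate[] certificates) {
        if (!LOG.isInfoEnabled() || certificates == null) {
            return;
        }
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.info(" " + label + " certificate " + (c + 1) + ":");
            LOG.info(" Subject DN: " + cert.getSubjectDN());
            LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
            LOG.info(" Valid from: " + cert.getNotBefore());
            LOG.info(" Valid until: " + cert.getNotAfter());
            LOG.info(" Issuer: " + cert.getIssuerDN());
        }
    }

    /**
     * Client chains are delegated unchanged: no interactive override is offered here.
     *
     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
     */
    @Override
    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        logChain("Client", certificates);
        defaultTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Delegates to the default trust manager and, if it rejects the chain, asks the user whether
     * to accept the certificate anyway for this connection only (nothing is persisted).
     * <p>
     * Fixes the original dialog handling: with the two-element option array the dialog returns 0
     * for "Aceitar Certificado", 1 for "Cancelar" and {@link JOptionPane#CLOSED_OPTION} (-1) when
     * the window is closed, so the old {@code case 2: throw e} was unreachable and every outcome,
     * including "Cancelar", silently accepted the certificate. Now only an explicit accept
     * suppresses the exception. A null or empty chain, or a headless JVM, always fails closed.
     * <p>
     * Note that an accepted chain skips all validation the delegate would have performed;
     * hostname verification is outside the scope of a trust manager.
     *
     * @throws CertificateException the delegate's exception, rethrown unless the user accepts
     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
     */
    @Override
    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        logChain("Server", certificates);
        try {
            defaultTrustManager.checkServerTrusted(certificates, authType);
        } catch (CertificateException e) {
            // Nothing to show the user; the original code dereferenced certificates[0] here.
            if (certificates == null || certificates.length == 0) {
                throw e;
            }
            // No display means no way to ask; do not accept by default.
            if (java.awt.GraphicsEnvironment.isHeadless()) {
                throw e;
            }
            X509Certificate leaf = certificates[0];
            if (!userAcceptsCertificate(leaf)) {
                throw e;
            }
            // Record the override so the decision is auditable.
            LOG.warn("User accepted server certificate rejected by the default trust manager: "
                    + leaf.getSubjectX500Principal().getName() + " (" + e.getMessage() + ")");
        }
    }

    /**
     * Shows the accept/cancel dialog for the given leaf certificate.
     * <p>
     * The dialog is shown from whichever thread runs the TLS handshake and blocks it until the
     * user answers; this mirrors the original behaviour.
     *
     * @param leaf the first certificate of the rejected chain
     * @return true only if the user pressed "Aceitar Certificado"; false for "Cancelar" or a closed window
     */
    private static boolean userAcceptsCertificate(final X509Certificate leaf) {
        Object[] options = {"Aceitar Certificado", "Cancelar"};
        int choice = JOptionPane.showOptionDialog(null,
                "Falha na validação do seguinte certificado:\n" + leaf.getSubjectX500Principal().getName(),
                "\nO que você quer fazer?",
                JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
                options, options[ACCEPT_OPTION]);
        return choice == ACCEPT_OPTION;
    }

    /**
     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

}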